I have to host files on one server.. that other people have access to, but use a MySQL database on my server. I cant have people get into the database itself.. is there a way i can encrypt the mysql_connect() information?
or should I host a single file say database.php and use the include() function to call it from their server?
Encrypting Parts of code ??
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Zend's Encoder may be of use: http://zend.com/store/products/zend-encoder.php
-
CyberSpatium
- Forum Newbie
- Posts: 21
- Joined: Thu Mar 20, 2003 12:23 pm
- Contact:
Create a new text file and enter your mysql server userid and pass info:
Save this flle and give it name, such as db_info. When you save it, make sure you save it outside your document root. So, for example, if your server path it:
then create a new directory (for this example, I made new directory called inc) and save the file in the new directory:
Now, you need to edit your httpd.conf file, and add this line:
Now, to use your userid and password in your scripts use:
This makes your scripts more secure now because you never have to use your userid and password in any of you scripts. And you dont have to include anything as well, so even if someone was able to get your source code, they would not get your mysql userid and pass. And your db_info file is outsite of your document root path and is not acceable to outside users. Just be carefull not to use phpinfo() or print_r($_SERVER) as it will expose your userid and password variables.
Code: Select all
SetEnv DB_USER “your_username”
SetEnv DB_PASS “your_password”Code: Select all
/user/www/domain.com/public_htmlCode: Select all
/user/www/domain.com/incCode: Select all
Include “/user/www/domain.com/inc/db_info”Code: Select all
UserID: $_SERVERї'DB_USER']
Password: $_SERVERї'DB_PASS']more on that solution can be read here: http://shiflett.org/articles/security-corner-mar2004